In response to the past DDoS attack experiences, a Security Engineer has set up an Amazon CloudFront distribution for an Amazon S3 bucket. There is concern that some users may bypass the CloudFront distribution and access the S3 bucket directly.
What must be done to prevent users from accessing the S3 objects directly by using URLs?

A. Change the S3 bucket/object permission so that only the bucket owner has access.

B. Set up a CloudFront origin access identity (OAI), and change the S3 bucket/object permission so that only the OAI has access.

C. Create IAM roles for CloudFront, and change the S3 bucket/object permission so that only the IAM role has access.

D. Redirect S3 bucket access to the corresponding CloudFront distribution.








 

Suggested Answer: B

Community Answer: B




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.